Ensure Communication Between AWS VPCs - Advanced Networking Specialty Exam Solution

AWS VPC Communication Across Companies in the Same Region


Question

A company has acquired another company.

Both companies have their presence in AWS and in the same region, US-East.

There is a requirement to ensure EC2 inside VPC A of the parent company and EC2 of VPC B of the parent company can communicate with each other.

Also, ensure EC2 inside VPC B of the parent company and EC2 inside VPC C of the acquired company can communicate with each other.

The CIDR of each VPC is as follows:

VPC A: 10.9.0.0/16
VPC B: 10.11.0.0/16
VPC C: 172.16.0.0/16

How can you accomplish this architecture?

Answers

Explanations


Answer - A.

Requirement:

Traffic from EC2 of VPC A and EC2 of VPC B of the same company can communicate.

Traffic from EC2 of VPC B of the current company and EC2 of VPC C of the acquired company can communicate.

CIDR of each VPC is different.

Both companies have resources in the US-East region.

Option A: It talks about creating 2 VPC peering connections. Create VPC peering between VPC A and VPC B. Create VPC peering between VPC B and VPC C. This is possible as the CIDR of each VPC is different and all of them are in the same region.

Option B: It talks about creating 2 VPC peering connections. Create VPC peering between VPC A and VPC C. Create VPC peering between VPC B and VPC C. In this architecture, EC2 of VPC A and EC2 of VPC B cannot communicate with each other, because VPC peering is not transitive and traffic is not forwarded through VPC C.

So this will not meet the requirement.

Option C: It talks about creating 1 VPC peering and 1 VPN. Create VPC peering between VPC A and VPC B. Create a VPN between VPC B and VPC C. In this architecture, creating a VPN between VPC B and VPC C is not the correct solution.

So this will not meet the requirement.

Option D: It talks about creating 1 VPC peering and 1 VPN. Create VPC peering between VPC A and VPC C. Create a VPN between VPC A and VPC B. In this architecture, creating a VPN between VPC A and VPC B is not the correct solution.

So this will not meet the requirement.

For more information on transit networks, please refer to the below URL.

https://aws.amazon.com/answers/networking/aws-global-transit-network/

To accomplish the requirement of allowing EC2 instances in VPC A, VPC B, and VPC C to communicate with each other, we have several options, but the best option is to use VPC peering.

VPC Peering is a network connection between two VPCs that enables you to route traffic between them privately. When two VPCs are peered, they behave as if they are part of the same network, and instances in one VPC can communicate with instances in the other VPC using private IP addresses.

Here's how we can use VPC peering to achieve the desired architecture:

  1. Create a VPC Peering connection between VPC A and VPC B:
  • In the AWS Management Console, navigate to the VPC Dashboard, and select VPC Peering Connections from the left-hand menu.
  • Click on Create Peering Connection and enter the following details:
    • Peering Connection Name: a unique name for the peering connection.
    • VPC (Requester): select VPC A.
    • VPC (Accepter): select VPC B.
    • Accepter Peering Connection Options: select the default option.
  • Click Create Peering Connection to create the peering connection.
  • Once the peering connection is created, you need to update the route tables of VPC A and VPC B to allow traffic between them.
  • In the VPC Dashboard, select Route Tables from the left-hand menu, and update the route tables of both VPCs to include the CIDR blocks of the other VPC.
  2. Create another VPC peering connection between VPC B and VPC C:
  • Follow the same steps as in Step 1, but select VPC B as the Requester and VPC C as the Accepter.
  • Update the route tables of VPC B and VPC C to allow traffic between them.

With this configuration, EC2 instances in VPC A can communicate with EC2 instances in VPC B, and EC2 instances in VPC B can communicate with EC2 instances in VPC C.
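The following is an added example, not part of the original question page: it models the Option A design (two peering connections over the CIDRs given in the question) and checks the two properties the explanation relies on, that peered CIDRs must not overlap and that peering is not transitive, so each route table only needs the directly peered VPC's CIDR. The pcx-* identifiers are constructed placeholders for the peering connection IDs.

```python
from ipaddress import ip_address, ip_network

# VPC CIDRs exactly as given in the question.
VPCS = {
    "A": "10.9.0.0/16",
    "B": "10.11.0.0/16",
    "C": "172.16.0.0/16",
}

# Option A from the explanation: A<->B and B<->C peering connections.
PEERINGS = [("A", "B"), ("B", "C")]


def cidrs_overlap(vpcs, a, b):
    """AWS refuses a peering between VPCs whose CIDR blocks overlap."""
    return ip_network(vpcs[a]).overlaps(ip_network(vpcs[b]))


def build_routes(vpcs, peerings):
    """Return the route-table entries each VPC needs: {vpc: {dest_cidr: pcx_id}}.

    Each side of a peering gets exactly one route, for the other side's CIDR,
    pointing at the peering connection (least-privilege routing: nothing else
    is reachable over the peering). pcx ids are constructed placeholders.
    """
    routes = {name: {} for name in vpcs}
    for a, b in peerings:
        if cidrs_overlap(vpcs, a, b):
            raise ValueError(f"VPC {a} and VPC {b} have overlapping CIDRs")
        pcx = f"pcx-{a.lower()}{b.lower()}"  # placeholder peering connection id
        routes[a][vpcs[b]] = pcx
        routes[b][vpcs[a]] = pcx
    return routes


def can_reach(routes, src_vpc, dst_ip):
    """An instance in src_vpc reaches dst_ip only if src_vpc's own route table
    has a peering route covering it. There is no forwarding through an
    intermediate peered VPC, which is why A cannot reach C via B."""
    dst = ip_address(dst_ip)
    return any(dst in ip_network(cidr) for cidr in routes[src_vpc])


if __name__ == "__main__":
    table = build_routes(VPCS, PEERINGS)
    for vpc, entries in table.items():
        print(vpc, entries)
    print("A -> C:", can_reach(table, "A", "172.16.0.10"))  # False: not transitive
```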

We don't need to create a VPN connection between any of the VPCs, as VPC peering is a more efficient and cost-effective way to connect VPCs. VPN connections are typically used to connect on-premises networks to AWS VPCs or to create secure connections between VPCs in different regions or accounts.